Summary
cPanel 11.25.0 provides mechanisms to prevent Cross Site Request Forgery attacks.
Security Rating
This update has been rated as having an Important security rating by the cPanel Security team.
Description
All versions of cPanel prior to version 11.25.0 are vulnerable to cross site request forgery attacks. Cross-site request forgery, often abbreviated as CSRF or XSRF, exploits the trust a website has in a user’s browser. By exploiting that trust a malicious user can execute unauthorized commands on a website.
Solution
cPanel 11 users should upgrade to version 11.25.0, which contains mechanisms to prevent these types of attacks. To ensure full protection, it is strongly recommended that the following options in Tweak Settings be enabled:
- Require security tokens for all interfaces. This will greatly improve the security of cPanel and WHM against XSRF attacks, but may break integration with other systems, login applications, billing software and third party themes.
- Validate the IP addresses used in all cookie based logins. This will limit the ability of attackers who capture cPanel session cookies to use them in an exploit of the cPanel or WebHost Manager interfaces. For this setting to have maximum effectiveness, proxydomains should also be disabled.
- Disable Http Authentication for cPanel/WebMail/WHM Logins (forces cookie authentication). This will help prevent certain types of XSRF attacks that rely on cached HTTP Auth credentials.
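The following is an added illustration of how the three settings above interact on a single state-changing request; it is not cPanel's code, and the session store, request dictionary fields and IP addresses are constructed for the example.

```python
import hmac
import secrets

# Constructed in-memory session store: session id -> per-session security token and bound client IP.
SESSIONS = {}

def create_session(client_ip):
    """Cookie-based login: mint a session id plus a security token bound to the client's IP."""
    sid = secrets.token_hex(16)
    token = secrets.token_urlsafe(24)
    SESSIONS[sid] = {"token": token, "ip": client_ip}
    return sid, token

def validate_request(req, require_token=True, validate_ip=True, allow_http_auth=False):
    """Return (ok, reason) for a request under the advisory's three Tweak Settings.
    req is a constructed dict with optional keys cookie_sid, token, client_ip, authorization."""
    sid = req.get("cookie_sid")
    if sid is None:
        # With HTTP auth disabled, a request carrying only cached Basic credentials is refused.
        if req.get("authorization") and allow_http_auth:
            return True, "http-auth"
        return False, "no session cookie"
    session = SESSIONS.get(sid)
    if session is None:
        return False, "unknown session"
    # "Validate the IP addresses used in all cookie based logins": a captured cookie
    # replayed from another address does not match the address recorded at login.
    if validate_ip and req.get("client_ip") != session["ip"]:
        return False, "ip mismatch"
    # "Require security tokens for all interfaces": the browser attaches the cookie
    # automatically on a cross-site request, but a foreign page cannot read the token.
    if require_token:
        supplied = req.get("token") or ""
        if not hmac.compare_digest(supplied, session["token"]):
            return False, "missing or wrong security token"
    return True, "ok"

def demo():
    """Run the same forged, legitimate and replayed requests with the settings on and off."""
    sid, token = create_session("198.51.100.7")
    legit = {"cookie_sid": sid, "token": token, "client_ip": "198.51.100.7"}
    forged = {"cookie_sid": sid, "client_ip": "198.51.100.7"}          # cookie only, no token
    replayed = {"cookie_sid": sid, "token": token, "client_ip": "203.0.113.9"}
    cached_auth = {"authorization": "Basic <constructed placeholder>"}
    return {
        "legit": validate_request(legit)[0],
        "forged_with_tokens": validate_request(forged)[0],
        "forged_without_tokens": validate_request(forged, require_token=False)[0],
        "replayed_other_ip": validate_request(replayed)[0],
        "cached_http_auth": validate_request(cached_auth)[0],
    }
```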
In addition it is recommended the following Tweak Settings be disabled:
- Add proxy VirtualHost to httpd.conf to automatically redirect unconfigured cpanel, webmail, webdisk and whm subdomains to the correct port (requires mod_rewrite and mod_proxy)
- Automatically create cpanel, webmail, webdisk and whm proxy subdomain DNS entries for new accounts. When this is initially enabled it will add appropriate proxy subdomain DNS entries to all existing accounts. (Use /scripts/proxydomains to reconfigure the DNS entries manually)
Source:
http://www.cpanel.net/2009/10/cpanel-security-advisory-cve-2008-2043.html
Cpanel Hosting News
cPanel, announced this week the release of version 11.24 of their industry leading server management software. Version 11.24 introduces a new initiative to cPanel’s software, cPanel Accelerated. cPanel Accelerated brings new features designed to decrease system resource usage and increase speed and performance significantly from previous versions.
A substantial portion of the codebase of cPanel and the x3 interface itself has been streamlined and made to perform better and require less bandwidth. Also available as part of cPanel Accelerated are two alternatives for DNS and IMAP. The NSD nameserver can reduce memory usage for DNS functions by up to 40% over BIND. On busy nameservers that can add up to a huge resource savings. Also included in version 11.24 is Dovecot IMAP as an alternative to Courier IMAP. Dovecot provides up to a 25% reduction in disk I/O as well as using between 10% and 70% less memory than Courier. Security has also been enhanced with the reworking of cPanel’s process monitoring daemon to include service-specific verification, which helps to improve the security of running processes. Backups are faster too. Pkgacct 8 has been reworked to become significantly faster than previous versions. That means you can safely back up your data and restore it, both incrementally and non-incrementally, much more quickly than in previous versions. This all adds up to increased performance, reduced resource usage and ultimately a more efficient webhosting operation for cPanel customers.
As of Thursday, 10/30/2008, 11.24 and all its new enhancements will be available in the CURRENT build of cPanel. 11.24 will then make its way into the STABLE tree later in November. The best part of upgrading to 11.24 is that it’s very simple. Also, many of the improvements introduced require no user interaction; they just work.
For more information on the improvements introduced in cPanel 11.24, please see the following URL:
http://www.cpanel.net/products/cpwhm/cpanel11/new-features.htm
cPanel and WHM 11.24 offer new features such as NSD and Dovecot while streamlining our code base. The end result is a sleeker program that minimizes system requirements. The x3 interface itself has also been streamlined, requiring significantly less bandwidth, as seen in the figures below. These new features will result in faster overall load times and improve your everyday web hosting experience.
The amount of improvement made to the core software cannot be overstated. We have improved interfaces for configuring mail servers, FTP servers, web servers, and name servers. DNS clustering has also been imbued with many speed enhancements which, coupled with NSD, will make DNS functions run at top speed. cPanel’s backup system has been reworked to realize significantly higher speeds. This will make creating, or restoring from, incremental or compressed backups substantially faster.
Also introduced in 11.24 is the cPanel Accelerated initiative. This new track for cPanel caters directly to dedicated server owners and administrators. The backend engine of cPanel has many updates and is reworked to yield enhanced performance on dedicated servers.
Source: cpanel.net